Export limit exceeded: 364891 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364891 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35990 | 1 Foxit | 1 Pdf Reader | 2024-11-21 | 5.5 Medium |
| Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file. | ||||
| CVE-2020-35987 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | ||||
| CVE-2020-35986 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | ||||
| CVE-2020-35985 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. | ||||
| CVE-2020-35984 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | ||||
| CVE-2020-35982 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c. | ||||
| CVE-2020-35981 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c. | ||||
| CVE-2020-35980 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c. | ||||
| CVE-2020-35979 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c. | ||||
| CVE-2020-35973 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.4 Medium |
| An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php. | ||||
| CVE-2020-35972 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 4.3 Medium |
| An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html. | ||||
| CVE-2020-35971 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 5.4 Medium |
| A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page. | ||||
| CVE-2020-35970 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 7.5 High |
| An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read. | ||||
| CVE-2020-35965 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 7.5 High |
| decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. | ||||
| CVE-2020-35964 | 2 Ffmpeg, Linux | 2 Ffmpeg, Linux Kernel | 2024-11-21 | 6.5 Medium |
| track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | ||||
| CVE-2020-35963 | 2 Linux, Treasuredata | 2 Linux Kernel, Fluent Bit | 2024-11-21 | 7.8 High |
| flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion. | ||||
| CVE-2020-35962 | 1 Loopring | 1 Loopring | 2024-11-21 | 7.5 High |
| The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation. | ||||
| CVE-2020-35952 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 6.5 Medium |
| login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration. | ||||
| CVE-2020-35951 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 9.9 Critical |
| An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files). | ||||
| CVE-2020-35950 | 1 Xcloner | 1 Xcloner | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint). | ||||